
Mining a block: a server compromised for mining

Time: 2023-05-04 12:53:17 Views: 181153 Author: 903

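Suddenly, I ran top -c and pressed Shift+M to look at the processes, and found that two of the CPUs were at 100%, which was unbelievable. So I found the file, opened it, and looked at the log, and it gave me a fright.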

In the log I found that a virus had hijacked nginx and was mining with it. I was standing on the mountaintop.

Below is how to resolve it.

1. First, check whether the crontab scheduled-task list contains any scheduled tasks that you did not add yourself.

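2. Check the Linux boot-time startup files and look inside them for extra startup entries. Find the location of the file behind the process, confirm that it is the mining process, and delete it. Then reboot the Linux server, confirm whether the process is still there, review the background logs, and check whether the other processes have been cleaned up.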
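The two steps above as a report-only triage script (an added example, not from the original post). The cron directories, the allowlist file and the flagged directories (/tmp, /var/tmp, /dev/shm) are assumptions; it deletes nothing, so you can confirm a binary is the miner before removing it.

```shell
#!/bin/sh
# Added triage sketch; directory paths and sample names are assumptions.
# Run as root so every /proc/<pid>/exe link is readable.

# Step 1: print cron entries that are not in an allowlist of jobs you added.
# $1 = cron directory, $2 = file with one known-good entry per line.
unknown_cron() {
    spool=$1; allow=$2
    for f in "$spool"/*; do
        [ -f "$f" ] || continue
        # Drop blank lines and comments, then drop exact allowlist matches.
        grep -Ev '^[[:space:]]*(#|$)' "$f" | grep -vxFf "$allow" |
            while IFS= read -r line; do
                printf '%s: %s\n' "${f##*/}" "$line"
            done
    done
    return 0
}

# Step 2: list PIDs whose executable sits in a world-writable directory or
# was deleted from disk while the process keeps running.
# $1 = proc root (default /proc).
suspicious_exes() {
    proc=${1:-/proc}
    for link in "$proc"/[0-9]*/exe; do
        # Kernel threads and unreadable links have no target; skip them.
        target=$(readlink "$link" 2>/dev/null) || continue
        pid=${link%/exe}; pid=${pid##*/}
        case $target in
            /tmp/*|/var/tmp/*|/dev/shm/*|*' (deleted)')
                printf '%s %s\n' "$pid" "$target" ;;
        esac
    done
    return 0
}

# Usage: sh triage.sh --scan [allowlist-file]
if [ "${1:-}" = "--scan" ]; then
    allow_file=${2:-/dev/null}
    unknown_cron /var/spool/cron "$allow_file"   # CentOS per-user crontabs
    unknown_cron /etc/cron.d "$allow_file"
    suspicious_exes /proc
    # Enabled services, to review for startup entries you did not create.
    systemctl list-unit-files --type=service --state=enabled 2>/dev/null
fi
```

Run it again after the reboot in step 2: a flagged PID or cron line that reappears means a persistence entry was missed.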
